Problem
When you try to log on to a computer on a domain, you may receive the following error: "The trust relationship between this workstation and the primary domain failed".
Cause
Domain computers set up secure communications by using a computer account in the domain. For this to work, the computer account is protected by a password which is usually changed by the domain computer every 30 days.
If the computer account becomes out of sync - i.e. the password does not match for some reason - the domain computer will be unable to log onto the domain.
The account can go out of sync for a number of reasons including:
- A second computer with the same name has been added to the domain
- The computer has been reimaged without then being removed/re-added to the domain properly
- The computer account has been reset within Active Directory
- If the computer is a virtual computer, it has been snapshot restored back to an earlier time after the computer account password was changed automatically
Resolution
There are several possible methods to rectify this problem.
Quick Method
The first step is to try to reset the secure connection. From the Domain Controller, open PowerShell or Command Prompt as an Administrator and type in:
Netdom reset ComputerClientName /Domain:DomainName
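The Quick Method can be wrapped in a check so that the reset only runs when the secure channel is actually broken, and the result is confirmed afterwards. The script below is an added example, not part of the original article. It assumes an elevated PowerShell session on the Domain Controller with the ActiveDirectory module installed, and `Test-NetdomChannel` is a hypothetical helper name.

```powershell
# Added example: save as a .ps1 file and run on the Domain Controller as Administrator.
# ComputerClientName and DomainName are the article's placeholders; pass real values.
param(
    [string]$ComputerName = 'ComputerClientName',
    [string]$DomainName   = 'DomainName'
)

# Show when the computer account password was last changed in Active Directory.
# A date that is newer than the client's last snapshot or image points to the
# "out of sync" causes listed in the article.
Import-Module ActiveDirectory -ErrorAction Stop
$account = Get-ADComputer -Identity $ComputerName -Properties PasswordLastSet
$ageDays = if ($account.PasswordLastSet) {
    [int]((Get-Date) - $account.PasswordLastSet).TotalDays
} else {
    'unknown'
}
$summary = '{0}: enabled={1}, password last set {2} ({3} days ago)' -f $account.Name,
    $account.Enabled, $account.PasswordLastSet, $ageDays
Write-Output $summary

# Hypothetical helper: returns $true when "netdom verify" reports a healthy channel.
# Assumption: netdom sets a non-zero exit code when the verification fails.
function Test-NetdomChannel {
    netdom verify $ComputerName "/Domain:$DomainName" | Out-Host
    return ($LASTEXITCODE -eq 0)
}

if (Test-NetdomChannel) {
    Write-Output 'Secure channel is healthy; no reset needed.'
} else {
    Write-Output 'Secure channel is broken; running the Quick Method reset.'
    netdom reset $ComputerName "/Domain:$DomainName" | Out-Host

    if (Test-NetdomChannel) {
        Write-Output 'Reset succeeded.'
    } else {
        Write-Output 'Reset failed; continue with the Full Method.'
    }
}
```

The client must be powered on and reachable from the Domain Controller for both `netdom verify` and `netdom reset` to complete.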
Full Method
If the quick method doesn't work, then you will need to remove the computer from the domain, reset the account within Active Directory (see above) and then re-join the computer to the domain.
- On the client PC, log on as a local/domain administrator
- Navigate to Control Panel > System
- Under Computer Name, Domain and Workgroup settings > click Change Settings and join the machine back to a Workgroup. Restart the machine
- On the Domain Controller, right click the Computer account > All Tasks > Reset
- Finally on the client PC, navigate back to Control Panel > System > under Computer Name, Domain and Workgroup settings > click Change Settings and join the machine back to the domain. Restart the machine.
Applies to:
- All systems running on a Windows Domain Network